getEffectivePermissions function

Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

Retrieves the effective permissions of the currently authenticated user


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from most to least privileged)
Delegated (work or school account)
    Role-based access control DeviceManagementRBAC.ReadWrite.All, DeviceManagementRBAC.Read.All
Delegated (personal Microsoft account) Not supported.
Application Not supported.

HTTP Request

GET /deviceManagement/getEffectivePermissions

Request headers

Header Value
Authorization Bearer <token> Required.
Accept application/json

Request body

In the request URL, provide the following query parameters with values. The following table shows the parameters that can be used with this function.

Property Type Description
scope String Not yet documented


If successful, this function returns a 200 OK response code and a rolePermission collection in the response body.



Here is an example of the request.



Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 471

  "value": [
      "@odata.type": "microsoft.graph.rolePermission",
      "actions": [
        "Actions value"
      "resourceActions": [
          "@odata.type": "microsoft.graph.resourceAction",
          "allowedResourceActions": [
            "Allowed Resource Actions value"
          "notAllowedResourceActions": [
            "Not Allowed Resource Actions value"